Traceability Documentation Overview
VEX Reports
VEX is the standard for communicating supply-chain information about software vulnerabilities. Understanding what it is, how to use it correctly, and what Torizon provides makes vulnerability management much easier.
SBOM Reports
SBOMs provide a clear inventory of software assets for visibility and control. See how they simplify regulatory compliance, support audits, and build confidence in dependency management.
In-Toto Attestations
In-toto attestations are cryptographically signed records of the Torizon OS build process, capturing every step of the supply chain — learn how they strengthen trust, reduce security blind spots, and simplify compliance efforts (e.g., SBOM/VEX, SLSA).